-
-
Save ebeigarts/e129f7bd44ef06fbbb5ce028af8c9cdf to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: efgs-federation-gateway-config | |
| data: | |
| envoy.yaml: | | |
| static_resources: | |
| listeners: | |
| - address: | |
| socket_address: | |
| address: 0.0.0.0 | |
| port_value: 8443 | |
| access_log: | |
| - name: "envoy.access_loggers.file" | |
| typed_config: | |
| "@type": "type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog" | |
| path: /dev/stdout | |
| filter_chains: | |
| - filters: | |
| - name: envoy.filters.network.http_connection_manager | |
| typed_config: | |
| "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager | |
| codec_type: auto | |
| stat_prefix: ingress_http | |
| route_config: | |
| name: local_route | |
| virtual_hosts: | |
| - name: backend | |
| domains: | |
| - "*" | |
| routes: | |
| - match: | |
| prefix: "/" | |
| route: | |
| cluster: backend | |
| request_headers_to_add: | |
| - header: | |
| key: "X-SSL-Client-SHA256" | |
| value: "%DOWNSTREAM_PEER_FINGERPRINT_256%" | |
| append: true | |
| - header: | |
| key: "X-SSL-Client-DN" | |
| value: "%DOWNSTREAM_PEER_SUBJECT%" | |
| append: true | |
| - header: | |
| key: "X-Request-Start" | |
| value: "%START_TIME(%s.%3f)%" | |
| append: true | |
| http_filters: | |
| - name: envoy.filters.http.router | |
| typed_config: {} | |
| transport_socket: | |
| name: envoy.transport_sockets.tls | |
| typed_config: | |
| "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext | |
| require_client_certificate: true | |
| common_tls_context: | |
| validation_context: | |
| trust_chain_verification: ACCEPT_UNTRUSTED | |
| tls_certificates: | |
| certificate_chain: | |
| inline_string: | | |
| -----BEGIN CERTIFICATE----- | |
| MIICqDCCAZACCQCquzpHNpqBcDANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtm | |
| cm9udC1lbnZveTAeFw0yMDA3MDgwMTMxNDZaFw0zMDA3MDYwMTMxNDZaMBYxFDAS | |
| BgNVBAMMC2Zyb250LWVudm95MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC | |
| AQEAthnYkqVQBX+Wg7aQWyCCb87hBce1hAFhbRM8Y9dQTqxoMXZiA2n8G089hUou | |
| oQpEdJgitXVS6YMFPFUUWfwcqxYAynLK4X5im26Yfa1eO8La8sZUS+4Bjao1gF5/ | |
| VJxSEo2yZ7fFBo8M4E44ZehIIocipCRS+YZehFs6dmHoq/MGvh2eAHIa+O9xssPt | |
| ofFcQMR8rwBHVbKy484O10tNCouX4yUkyQXqCRy6HRu7kSjOjNKSGtjfG+h5M8bh | |
| 10W7ZrsJ1hWhzBulSaMZaUY3vh5ngpws1JATQVSK1Jm/dmMRciwlTK7KfzgxHlSX | |
| 58ENpS7yPTISkEICcLbXkkKGEQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCmj6Hg | |
| vwOxWz0xu+6fSfRL6PGJUGq6wghCfUvjfwZ7zppDUqU47fk+yqPIOzuGZMdAqi7N | |
| v1DXkeO4A3hnMD22Rlqt25vfogAaZVToBeQxCPd/ALBLFrvLUFYuSlS3zXSBpQqQ | |
| Ny2IKFYsMllz5RSROONHBjaJOn5OwqenJ91MPmTAG7ujXKN6INSBM0PjX9Jy4Xb9 | |
| zT+I85jRDQHnTFce1WICBDCYidTIvJtdSSokGSuy4/xyxAAc/BpZAfOjBQ4G1QRe | |
| 9XwOi790LyNUYFJVyeOvNJwveloWuPLHb9idmY5YABwikUY6QNcXwyHTbRCkPB2I | |
| m+/R4XnmL4cKQ+5Z | |
| -----END CERTIFICATE----- | |
| private_key: | |
| inline_string: | | |
| -----BEGIN PRIVATE KEY----- | |
| MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC2GdiSpVAFf5aD | |
| tpBbIIJvzuEFx7WEAWFtEzxj11BOrGgxdmIDafwbTz2FSi6hCkR0mCK1dVLpgwU8 | |
| VRRZ/ByrFgDKcsrhfmKbbph9rV47wtryxlRL7gGNqjWAXn9UnFISjbJnt8UGjwzg | |
| Tjhl6EgihyKkJFL5hl6EWzp2Yeir8wa+HZ4Achr473Gyw+2h8VxAxHyvAEdVsrLj | |
| zg7XS00Ki5fjJSTJBeoJHLodG7uRKM6M0pIa2N8b6HkzxuHXRbtmuwnWFaHMG6VJ | |
| oxlpRje+HmeCnCzUkBNBVIrUmb92YxFyLCVMrsp/ODEeVJfnwQ2lLvI9MhKQQgJw | |
| tteSQoYRAgMBAAECggEAeDGdEkYNCGQLe8pvg8Z0ccoSGpeTxpqGrNEKhjfi6NrB | |
| NwyVav10iq4FxEmPd3nobzDPkAftfvWc6hKaCT7vyTkPspCMOsQJ39/ixOk+jqFx | |
| lNa1YxyoZ9IV2DIHR1iaj2Z5gB367PZUoGTgstrbafbaNY9IOSyojCIO935ubbcx | |
| DWwL24XAf51ez6sXnI8V5tXmrFlNXhbhJdH8iIxNyM45HrnlUlOk0lCK4gmLJjy9 | |
| 10IS2H2Wh3M5zsTpihH1JvM56oAH1ahrhMXs/rVFXXkg50yD1KV+HQiEbglYKUxO | |
| eMYtfaY9i2CuLwhDnWp3oxP3HfgQQhD09OEN3e0IlQKBgQDZ/3poG9TiMZSjfKqL | |
| xnCABMXGVQsfFWNC8THoW6RRx5Rqi8q08yJrmhCu32YKvccsOljDQJQQJdQO1g09 | |
| e/adJmCnTrqxNtjPkX9txV23Lp6Ak7emjiQ5ICu7iWxrcO3zf7hmKtj7z+av8sjO | |
| mDI7NkX5vnlE74nztBEjp3eC0wKBgQDV2GeJV028RW3b/QyP3Gwmax2+cKLR9PKR | |
| nJnmO5bxAT0nQ3xuJEAqMIss/Rfb/macWc2N/6CWJCRT6a2vgy6xBW+bqG6RdQMB | |
| xEZXFZl+sSKhXPkc5Wjb4lQ14YWyRPrTjMlwez3k4UolIJhJmwl+D7OkMRrOUERO | |
| EtUvc7odCwKBgBi+nhdZKWXveM7B5N3uzXBKmmRz3MpPdC/yDtcwJ8u8msUpTv4R | |
| JxQNrd0bsIqBli0YBmFLYEMg+BwjAee7vXeDFq+HCTv6XMva2RsNryCO4yD3I359 | |
| XfE6DJzB8ZOUgv4Dvluie3TB2Y6ZQV/p+LGt7G13yG4hvofyJYvlg3RPAoGAcjDg | |
| +OH5zLN2eqah8qBN0CYa9/rFt0AJ19+7/smLTJ7QvQq4g0gwS1couplcCEnNGWiK | |
| 72y1n/ckvvplmPeAE19HveMvR9UoCeV5ej86fACy8V/oVpnaaLBvL2aCMjPLjPP9 | |
| DWeCIZp8MV86cvOrGfngf6kJG2qZTueXl4NAuwkCgYEArKkhlZVXjwBoVvtHYmN2 | |
| o+F6cGMlRJTLhNc391WApsgDZfTZSdeJsBsvvzS/Nc0burrufJg0wYioTlpReSy4 | |
| ohhtprnQQAddfjHP7rh2LGt+irFzhdXXQ1ybGaGM9D764KUNCXLuwdly0vzXU4HU | |
| q5sGxGrC1RECGB5Zwx2S2ZY= | |
| -----END PRIVATE KEY----- | |
| clusters: | |
| - name: backend | |
| connect_timeout: 0.25s | |
| type: LOGICAL_DNS | |
| dns_lookup_family: V4_ONLY | |
| lb_policy: ROUND_ROBIN | |
| load_assignment: | |
| cluster_name: backend | |
| endpoints: | |
| - lb_endpoints: | |
| - endpoint: | |
| address: | |
| socket_address: | |
| address: efgs-federation-gateway-backend | |
| port_value: 8080 | |
| admin: | |
| access_log_path: "/dev/stdout" | |
| address: | |
| socket_address: | |
| address: 0.0.0.0 | |
| port_value: 8001 | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: efgs-federation-gateway | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: efgs-federation-gateway | |
| template: | |
| metadata: | |
| labels: | |
| app: efgs-federation-gateway | |
| spec: | |
| volumes: | |
| - name: efgs-federation-gateway-config-volume | |
| configMap: | |
| name: efgs-federation-gateway-config | |
| items: | |
| - key: envoy.yaml | |
| path: envoy.yaml | |
| containers: | |
| - name: efgs-federation-gateway | |
| image: envoyproxy/envoy-dev:latest | |
| resources: | |
| requests: | |
| cpu: 0.5 | |
| memory: 256Mi | |
| limits: | |
| cpu: 0.5 | |
| memory: 512Mi | |
| volumeMounts: | |
| - name: efgs-federation-gateway-config-volume | |
| mountPath: /etc/envoy | |
| ports: | |
| - containerPort: 8443 | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: efgs-federation-gateway | |
| spec: | |
| ports: | |
| - port: 443 | |
| targetPort: 8443 | |
| selector: | |
| app: efgs-federation-gateway | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: efgs-federation-gateway-backend | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: efgs-federation-gateway-backend | |
| template: | |
| metadata: | |
| labels: | |
| app: efgs-federation-gateway-backend | |
| spec: | |
| imagePullSecrets: | |
| - name: apturicovid-registry-credentials | |
| containers: | |
| - name: efgs-federation-gateway-backend | |
| image: docker.pkg.github.com/apturicovid/efgs-federation-gateway/backend:latest | |
| resources: | |
| requests: | |
| cpu: 0.1 | |
| memory: 256Mi | |
| limits: | |
| cpu: 0.5 | |
| memory: 1024Mi | |
| ports: | |
| - containerPort: 8080 | |
| env: | |
| - name: MYSQL_ROOT_PASSWORD | |
| value: admin | |
| - name: SPRING_PROFILES_ACTIVE | |
| value: "mysql" | |
| - name: SPRING_DATASOURCE_URL | |
| value: "jdbc:mysql://efgs-federation-gateway-mysql:3306/fg" | |
| - name: SPRING_DATASOURCE_USERNAME | |
| value: "fg_user" | |
| - name: SPRING_DATASOURCE_PASSWORD | |
| value: "pass" | |
| - name: SPRING_LIQUIBASE_USER | |
| value: "fg_adm" | |
| - name: SPRING_LIQUIBASE_PASSWORD | |
| value: "admin" | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: efgs-federation-gateway-backend | |
| spec: | |
| ports: | |
| - port: 8080 | |
| selector: | |
| app: efgs-federation-gateway-backend | |
| --- | |
| apiVersion: v1 | |
| kind: PersistentVolumeClaim | |
| metadata: | |
| name: efgs-federation-gateway-mysql-data-disk | |
| spec: | |
| accessModes: | |
| - ReadWriteOnce | |
| resources: | |
| requests: | |
| storage: 1Gi | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: efgs-federation-gateway-mysql | |
| labels: | |
| app: efgs-federation-gateway-mysql | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: efgs-federation-gateway-mysql | |
| template: | |
| metadata: | |
| labels: | |
| app: efgs-federation-gateway-mysql | |
| spec: | |
| containers: | |
| - name: mysql | |
| image: mysql:5.7 | |
| ports: | |
| - containerPort: 3306 | |
| volumeMounts: | |
| - mountPath: "/var/lib/mysql" | |
| subPath: "mysql" | |
| name: efgs-federation-gateway-mysql-data | |
| env: | |
| - name: MYSQL_DATABASE | |
| value: "fg" | |
| - name: MYSQL_ROOT_PASSWORD | |
| value: "admin" | |
| - name: MYSQL_USER | |
| value: "fg_adm" | |
| - name: MYSQL_PASSWORD | |
| value: "admin" | |
| volumes: | |
| - name: efgs-federation-gateway-mysql-data | |
| persistentVolumeClaim: | |
| claimName: efgs-federation-gateway-mysql-data-disk | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: efgs-federation-gateway-mysql | |
| spec: | |
| selector: | |
| app: efgs-federation-gateway-mysql | |
| ports: | |
| - protocol: TCP | |
| port: 3306 | |
| targetPort: 3306 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
kubectl apply -f efgs-federation-gateway.yml